Protected Disclosures Update – Recent Case Law and the New EU Whistleblower’s Directive
Two recent Protected Disclosures decisions, one Irish and one English, are noteworthy.
The first of these cases, a decision of the Irish High Court in Tibor Baranya v Rosderra Irish Meats Group Limited, considered whether a statement raised by an employee is a grievance or protected disclosure or possibly both?
Under the Protected Disclosures Act 2014 (the “PDA”), a protected disclosure is a disclosure made by a worker, in the manner specified in the PDA, of information which, in the reasonable belief of the worker, tends to show one or more relevant wrongdoings and came to the attention of the worker in connection with the worker’s employment. A list of the eight “relevant wrongdoings” is set out in section 5(3) (a) to (h) of the PDA and (d) is that “the health or safety of any individual has been, is being or is likely to be endangered”.
In this case, the appellant employee claimed he was unfairly dismissed after making a protected disclosure. The disclosure was a comment made by Mr Baranya to the Health and Safety Officer of the employer that he wanted to change roles as he was in pain. However, he did not expressly state that he was in pain as a result of his current role. The employer argued that, as the relevant communication related solely to the employee making the communication, it was a grievance rather than a protected disclosure.
The Labour Court agreed with the employer, finding that there was an “effective spectrum” between a grievance and a protected disclosure, and that it was possible for there to be some overlap between the two. It noted that the test for whether a communication is a protected disclosure is whether relevant information is disclosed which the employee reasonably believes shows a relevant wrongdoing by the employer.
In this case, the Labour Court found that as the comment made to the Health and Safety Officer did not disclose any particular wrongdoing by the employer, it was not a protected disclosure.
The High Court, on appeal, found that the Labour Court had properly considered the communication made by the employee but had found it more “circumspect” than he had claimed it was. The communication did not reveal any act or omission by the employer that could be considered any kind of wrongdoing. It was also not possible to read into the communication any reasonable belief of wrongdoing on the part of the employer.
The High Court also rejected the employee’s claim that the Labour Court decision could be interpreted to mean that a grievance and protected disclosure could never overlap. It noted that the Labour Court had held that the communication was a grievance not a protected disclosure, as opposed to a grievance rather than a protected disclosure. The employee’s appeal was therefore dismissed.
The second case is a decision of the Court of Appeal of England and Wales (CoA) in Jesudason v Alder Hey Children’s NHS Foundation Trust where the CoA considered the question of what could be classed as “detriment” and, if detriment is established, whether it was suffered by reason of having made a protected disclosure.
The employee had been employed as a paediatric surgeon for the defendant (the Trust). He made a number of serious allegations of fundamental failings in how the paediatric department was run by the Trust. These allegations were made to the Trust, MPs, regulatory bodies and third parties, including members of the media.
An independent report was commissioned by the Trust, which ultimately found that some but not all of the employee’s allegations were substantiated. It identified a number of failings on the part of the Trust and specifically failings in the way the whistleblowing procedure had been handled.
Following this, the Trust wrote to internal and external parties stating that, following a thorough investigation, all of the employee’s allegations had been found to be “completely without foundation” and that his actions had “weakened genuine whistleblowing”.
The employee lodged a complaint with an UK employment tribunal on the grounds of race discrimination and whistleblowing detriment as a result of the Trust’s correspondence.
The employment tribunal found that the Trust was simply defending its position and refuting the employee’s allegations, and that the letters could not reasonably be seen as causing detriment. This decision was upheld by the UK Employment Appeal Tribunal (EAT).
The CoA reversed the finding that there had been no detriment. It found that, although the Trust’s purpose in writing the letters was to refute the employee’s allegations, it had not made clear that some of Mr Jesudason’s complaints were justified. Without this clarification, it could be inferred that he had acted in bad faith in some way by making wholly unsubstantiated allegations.
It also rejected the Trust’s argument that because the purpose of the letters was to “set the record straight” it therefore could not be seen as detriment. The CoA noted that detrimental observations about the employee did not cease to be a detriment simply because of the Trust’s motive.
However, the CoA noted that an employer’s motive becomes a relevant factor if there is a complaint of whistleblower’s detriment, as it would be necessary to consider whether or not the action taken by the employer was as a result of an employee making a protected disclosure. In this case, the Trust had sent the letters to minimise the potentially damaging and partly-misleading claims that the employee had put into the public domain. It had not therefore been done because he had made a protected disclosure.
The CoA accordingly dismissed the employee’s appeal, finding that he had suffered no detriment on the grounds of making a protected disclosure.
The cases demonstrate that in considering whether a disclosure is a “protected disclosure“ and in considering whether an employer’s reaction constitutes actionable “detriment”, detailed and careful consideration of the disclosure itself and of the surrounding circumstances is necessary.
It is of course the case that many employers in their own procedures have adopted a wider definition or description of the disclosures that will be investigated and that consideration of whether a disclosure is protected or not by the PDA will not arise unless the disclosing employee makes it an issue by raising it in the context of a dismissal or penalisation or detriment claim. Employers receiving a disclosure should apply their own procedures, ensuring that those procedures are compliant with the law, and take legal advice as necessary.
What next? The EU Whistleblowing Directive
The Whistleblowing Directive, which was enacted on 16 December 2019, will involve substantial changes to protected disclosures and whistleblowing legislation across the EU. Member States have until 17 December 2021 to implement the new provisions.
In Ireland the principle legislation governing the whistleblowing regime is the PDA. There is other legislation specific to certain sectors such as financial services, for example the Bank (Supervision and Enforcement) Act 2013, but the purpose of this briefing is to focus on the general whistleblowing regime under the PDA.
While the PDA already covers certain matters provided for in the Directive the PDA must undergo some substantial changes before the end of next year to comply with the Directive, the most notable of these being:
- Extension to Private Sector – The PDA currently requires only public sector employers to have a whistle-blowing policy in place. The Directive extends that obligation to the private sector, with a mandatory requirement for companies with 50 or more employees to establish internal reporting channels and to follow up on reports of breaches of EU law and to provide protection for certain whistleblowers (i.e. protection against retaliation). However, entities of any size falling under EU law relating to financial services, products, markets, prevention of money-laundering and terrorist financing, transport safety, and protection of the environment will have to comply with these requirements, irrespective of their size. Member States may undertake risk assessments on companies with less than 50 employees and, if necessary, require these companies to comply, particularly those operating in the areas of environment and health. The Directive allows companies with between 50 and 249 employees share resources for the receipt and investigation of reports of wrongdoing.
- Extension of “Relevant Wrongdoings” – The Directive expands the ambit of relevant wrongdoings by encompassing breaches of financial services, products and markets, and prevention of money-laundering and terrorist financing, corporate tax laws, food, product and transport safety, animal health, protection and welfare, environmental protection, public procurement, data protection, consumer protection, radiation, nuclear safety and public health and breaches affecting the financial interests of the European Union and the single market.
- Extension of “Reporting Persons” – Currently the PDA extends its protections to “workers” which includes an employee, consultant, agency worker, a person undergoing experience or training, a civil servant, a member of the Garda Síochána and a member of the Defence Forces or Reserve Defence Forces. The Directive extends its protections much wider to include legal and well as natural persons and to shareholders, volunteers and unpaid interns and trainees, those who report on breaches which they became aware of during employment which has since ended and those not yet recruited where the information on a breach has been acquired during the recruitment process or other pre-contractual negotiation. The Directive also affords protection against retaliatory measures taken not only directly vis-à-vis reporting persons themselves but also those that can be taken indirectly, including vis-à-vis facilitators, colleagues or relatives of the reporting person who are also in a work-related connection with the reporting person’s employer or customer or recipient of services.
- Extension of the Definition of Penalisation – While some of the categories of penalisation set out in the Directive may already fall within the definition of penalisation under the PDA, the Directive specifically provides that the following acts can constitute penalisation: withholding of training, negative performance assessment or employment references, ostracism, failure to convert a temporary employment contract into a permanent one, where the worker had legitimate expectations that he or she would be offered permanent employment, failure to renew or early termination of the temporary employment contract, harm to a person’s reputation, particularly in social media, or financial loss, including loss of business and loss of income, blacklisting, early termination or cancellation of a contract for goods and services, cancellation of a licence or permit and or psychiatric or medical referral.
- Introduction of Strict Timeframes – The Directive will impose a tight timeframe on recipients for processing protected disclosures. The recipient will have to acknowledge receipt within seven days and to “diligently follow-up on disclosures” within three months (this can be extended to six months if duly justified). Feedback, which may not necessarily be the outcome of an investigation, will be required within three months (with a possible extension to six months).
- Clarity regarding the role of “Prescribed Persons” – The Directive introduces specific provisions for “competent authorities” to whom disclosures can be made, including:
- ensuring the establishment of secure internal reporting channels which protect confidentiality;
- designating a neutral person or department to follow up on reports;
- thoroughly following up on reports within the three (or six) month timeframe;
- the option to transfer the disclosure to another competent authority if they are not competent to deal with it; and
- the requirement to communicate the results of any investigation triggered by a disclosure to the reporting person.
- Grievances – the preamble to the Directive provides that Member States are free to decide to provide that reports concerning interpersonal grievances “exclusively affecting the reporting person”, namely grievances about interpersonal conflicts between the reporting person and another worker, can be channelled through other procedures.
- Publishing of Information – The Directive introduces a requirement for a competent authority to publish certain information on its website and review and update this every three years. Required information includes:
- the conditions under which a reporting person qualifies for protection;
- details of how the disclosure will be processed, confidentiality provisions and how personal data will be protected;
- details of the relevant timelines and feedback format;
- remedies and procedures for protecting against retaliation; and
- contact details for any relevant body which provides advice to reporting persons.
- Access to Legal Aid – The Directive imposes an obligation on a competent authority to ensure that a reporting person has access “as appropriate” to legal aid, legal counselling, or other legal assistance in accordance with national law. How this will sit with the regime of the Workplace Relations Commission is unclear as there is no currently no legal aid regime for WRC complaints.
- Extension of Protection – The Directive provides for the extension of the protection against penalisation and retaliation to people who make information available in the public domain.
- Limits to Liability of Reporting Persons – The Directive provides for the removal of liability for a reporting person where he/she makes a disclosure which involves, amongst others, defamation, copyright breach, breach of secrecy or data protection rules or disclosure of trade secrets, where the reporting person has “reasonable grounds” to believe the disclosure is necessary to reveal the breach.
Employers which already have an internal whistleblowing procedures may need to make changes to those procedures in light of the Directive.
Employers which do not have an internal whistleblowing systems in place but which fall within the ambit of the Directive will need to establish and maintain whistleblowing procedures, details of which will, however, depend on the how and when the Directive is implemented in Ireland.